Tracker error messages are inadequately output encoded when rendered by the
tracker information page inside the WebUI, allowing a malicious tracker to
inject an XSS payload into the page. Esploiting this issue allows an
attacker to supply arbitrary client-side code that will ultimately be
rendered and executed within the end user's web browser.
Found by Rory McNamara (Gotham Digital Science). CVE pending.
Set the first version component to be the same as the last Subversion-based
release build version and add two more components (major and minor version
numbers). To allow for nightly build updates this should probably include
another component (e.g. build timestamp), but we're not there yet.
This seems to be the idiomatic way to fix libressl compatibility issues,
judging by what most other open source projects seem to be doing.
I've confirmed that transmission builds with libressl for me after this
patch is applied.
In compact torrents view, use BAR_WIDTH as groove area width instead of
total progress bar width, to improve the appearance in case progress text
is drawn outside of the groove area (because of style settings).
Initial patch provided by dubhater.
Fixes: #491
While zlib is mandatory for transmission, it is not mandatory for curl.
A libcurl that has been compiled with no support for zlib will return no data if compressed responses are set to on.
In the basic case this prevents the port checking functionality from working properly. It also prevents web seeding from working as well.
An assertion failure happens shortly after opening the
"Torrent properties" dialog if the torrent's root folder has
a one-letter name, e. g.
A/
A/Some Linux distro.iso
A/Some other Linux distro.iso
Off by one errors are great, eh?
This fixes https://trac.transmissionbt.com/ticket/6141
This adjusts to the new ImageMagick command naming (way to go,
GraphicsMagick had this from the beginning) and avoids confusion with
same-named windows utility which serves completely different purpose.
While resolved paths always contain the `\\?\` prefix, it's not always
correct to strip only those 4 chars. In case of UNC paths, the prefix
is actually a bit longer (`\\?\UNC\`) and needs to be replaced with `\\`
instead.
Failing to do so results in invalid paths, e.g. `\\Host\Share\File` becomes
`UNC\Host\Share\File` which totally wrong.
While resolved paths always contain the `\\?\` prefix, it's not always
correct to strip only those 4 chars. In case of UNC paths, the prefix
is actually a bit longer (`\\?\UNC\`) and needs to be replaced with `\\`
instead.
Failing to do so results in invalid paths, e.g. `\\Host\Share\File` becomes
`UNC\Host\Share\File` which totally wrong.
Store full revision hash in REVISION file. Write fixes 10 chars of revision
hash to version.h. Use `#pragma once` in version.h. Support getting revision
from TeamCity environment variable (similar to Jenkins).